Considered one of the UK’s biggest hacks in 2015, the company disclosed a "significant and sustained cyber-attack" in October during which details from 156,959 customer accounts were exposed including 15,656 customer's sort codes and bank account numbers. The lost data had not been encrypted, but the company were not legally required to encrypt it at that time.
In October 2016, the company was fined a record £400,000 fine for its negligence on securing clients' data by the UK's Information Commissioner's Office. The company claimed that the attack cost them £42 million and that 101,000 customers left due to the attack.
It was initially thought the hackers were part of an Islamist group based in Russia, before several people in the UK were arrested in relation to the attack.
Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.